Skip to main content
Tech Titan

Resource Hub / Webhooks

Bitrix24 webhooks: the complete production playbook.

In short

How Bitrix24 incoming and outgoing webhooks work: creation, security, PHP receivers, queue workers, retries, logging, and production patterns. Practical guides by Tech Titan.

Webhooks are the fastest path into and out of Bitrix24. Incoming webhooks give external systems a URL that can call REST methods; outgoing webhooks and events notify your systems when CRM data changes. Between those two primitives you can build almost any integration.

This hub covers how they work and — more importantly — how to run them in production: authentication, validation, queueing, retries, duplicate prevention, and logging. Practical guidance by Tech Titan; official reference remains the Bitrix24 documentation.

Incoming webhooks

  • Created per-user in Developer resources with selected scopes (crm, tasks, etc.)
  • The URL embeds the auth key: https://yourportal.bitrix24.com/rest/USER_ID/KEY/method
  • Call any in-scope REST method: crm.lead.add, crm.deal.update, crm.item.list…
  • Treat the URL as a password: never commit it, never log it, rotate on staff exit

Outgoing webhooks and events

  • Subscribe to events like ONCRMLEADADD or ONCRMDEALUPDATE
  • Bitrix24 POSTs event payloads to your handler URL with an application token to verify
  • Payloads carry IDs, not full records — fetch details with a follow-up get call
  • Handle at-least-once delivery: your processing must be idempotent

The production skeleton

Every reliable webhook integration has the same shape: authenticate the request, validate the payload, enqueue immediately (respond 200 fast), process from the queue with controlled concurrency, retry transient failures with backoff, dead-letter what keeps failing, and log every step. This is the architecture behind our WebhookShield module, and the difference between an integration and an incident generator.

Frequently asked questions

What is the difference between incoming and outgoing webhooks in Bitrix24?

Incoming: your systems call Bitrix24 (a URL that executes REST methods). Outgoing: Bitrix24 calls your systems when events happen. Real integrations usually use both — outgoing to know something changed, incoming/REST to act on it.

How do I receive Bitrix24 outgoing webhook data in PHP?

Bitrix24 sends form-encoded POST data — read $_POST (event, data[FIELDS][ID], auth[application_token]), verify the application token against your stored value, respond 200 immediately, and process asynchronously. Our webhook development service builds this hardened.

How do I secure a Bitrix24 webhook endpoint?

Verify application tokens on outgoing events, use HTTPS with unguessable paths plus bearer tokens for your own inbound calls, validate structure before processing, and never expose webhook URLs in logs or client-side code.

How do I retry failed webhook jobs?

Queue every job with an attempt counter; on failure, re-schedule with exponential backoff (e.g. 1m, 5m, 30m, 2h); after final failure, dead-letter with an alert. Never retry synchronously inside the request handler.

Ready to make your CRM work like a real business operating system?

Let Tech Titan connect your leads, workflows, automations, communications, and reporting inside one intelligent CRM ecosystem.